2019-046-end of the year, end of the decade, predictions, and how we've all changed
Published December 23, 2019 | 78 min
    Show notes

    End of year, end of decade

        Are things better than 10 years ago? 5 years ago?

        If there was one thing to change things for the better, what would that be?

     

    Good, Bad, Ugly 

    Did naming vulns make things better?

        Which industries are doing a good job of securing themselves? Finance?

        What do you wish had never happened (security/compliance-wise)?

        Ransomware infections with no bounties

        Still have people believing “Nessus” is a pentest

     

    https://nrf.com/

    https://www.retailitinsights.com/eventscalendar/eventdetail/1c77d5c6-8625-4f2b-bb98-89cca6590c49 

    https://monitorama.com/ 

    https://www.apics.org/credentials-education/events

     

    The Future

        PREDICTIONS!!!

        Bryan: The rise of the vetting programs  (Companies will want to vet content creators in their eco-systems)

        Cybuck: An uptick in surveillance tech; both disguised as cool home smart gadgets and straight up public safety.  Triggering a US GDPR type response.

    Injection remains the undisputed heavyweight champion of app sec vulnerabilities (OWASP Top 10). And wishful thinking... broken authentication moves lower, denial of service goes down. https://twitter.com/WeldPond/status/1207383327491137536/photo/1

    JB: a major change in social media/generational shift in how we use it, legal or focus on new types of mobile tech for example… Human networking in real life in the age of ‘social’… “When you hire someone… you also hire their rolodex” --- what do you think about this statement? …its role in InfoSec? Talent?

     

    JB - shouted out https://github.com/redcanaryco/atomic-red-team (Invoke-Atomic framework with PowerShell now on Linux, OSX, and Windows)

     

    JB - Link to hunting/stopping-human-trafficking org I mentioned:

    Shoutout

     Sherrie Caltagirone, Executive Director, Global Emancipation Network @GblEmancipation

    https://www.sans.org/cyber-security-summit/archives/file/summit_archive_1569941622.pdf

     

    Mentioned https://monitorama.com/ https://github.com/viq/air-monitoring-scripts (viq from BrakeSec)

     

           

    Other topics

        Talk about where you were 10 years ago, and what you did to get where you are?

        Best Hacking tool?

        Best Enterprise Tool?

     

    Recent news

    https://www.zdnet.com/article/more-than-38000-people-will-stand-in-line-this-week-to-get-a-new-password/

    https://www.phoronix.com/scan.php?page=news_item&px=CERN-MALT-Microsoft-Alternative 

    https://www.iotworldtoday.com/2019/12/21/2020-predictions-apis-become-a-focus-of-iot-security/ 

    https://www.jonesday.com/en/insights/2018/10/california-to-regulate-security-of-iot-devices 

    News stories from 2010 (see if they still make sense or are outdated)



    https://www.infosecurity-magazine.com/magazine-features/what-makes-a-ciso-employable/

    https://www.csoonline.com/article/2231454/verizon-s-2010-dbir--rise-in-misuse--malware-and-social-engineering.html

    https://www.owasp.org/index.php/OWASPTop10-2010-PressRelease


